[OpenSIPS-Users] [OpenSIPS-Devel] SSO integration = Custom auth module?

Victor Gamov vit at lipetsk.ru
Fri Sep 19 06:12:15 CEST 2008 

Hi Denis!

If I understand you properly then...

Try to send SSO tokens to RADIUS-server with AUTH_RADIUS module, then
communicate from RADIUS to your SSO-server and send result to OpenSIPS

Another way is to use PERL-module or even EXEC-module

Sukhoroslov Denis wrote:
> Hi,
> 
> Our company provides mobile internet via WiMAX network. There are many 
> services that can be accessed by our mobile clients via HTTP protocol. 
> Now we’d like to provide VoIP (and probably other IMS services in the 
> future) via SIP protocol. On the server side we’re planning to use 
> OpenSIPS. All our HTTP services are integrated with one common 
> authentication module, so we have SSO between HTTP clients. Is it 
> possible to integrate SIP services with SSO as well?
> 
> This is how I can see it:
> 
> -          We have a custom VoIP client app. During authentication 
> procedure with SIP server the app will append SSO token (if any) to the 
> REGISTER request. SSO token can be obtained from our common mobile SSO 
> token store.
> 
> -          The auth module on the server side should check SSO token 
> first. If the token exists the auth module should communicate with SSO 
> server and validate token. If token is valid then the user considered as 
> authenticated and server must respond with 200 OK.
> 
> -          If the token doesn’t exist or is not valid then the regular 
> SIP authentication procedure starts. Auth module must respond with 401 
> Unauthorized.
> 
> -          Client will provide login/password. Auth module will ask SSO 
> server to perform authentication.
> 
> -          In case of success SSO server will open a new SSO session and 
> respond  with new SSO token. Auth module must append the token to the 
> 200 OK response.
> 
> -          Client app stores SSO token to its common store.
> 
> Is it possible to provide such functionality with OpenSIPS, what do you 
> think? Do I need to develop a custom auth module for this, or can I use 
> some existing functionality? Any pointers or links on how to develop and 
> deploy custom modules would be very helpful.

More information about the Users mailing list